What happened
Cisco released fixes for a critical vulnerability in Cisco Integrated Management Controller (IMC), tracked as CVE-2026-20093. IMC is the out-of-band management interface used on many UCS servers.
According to Cisco, the bug is caused by incorrect handling of password-change requests. A remote attacker who can reach the IMC web interface could send a crafted request to bypass authentication, change user passwords (including admin), and then log in as that user.
Why this matters
IMC is a high-value target because it controls server management even when the operating system is down. If attackers gain IMC admin access, they can potentially alter configuration, disrupt operations, and pivot deeper into internal infrastructure.
How to check if you’re affected
You may be affected if you run Cisco UCS systems with exposed or reachable IMC interfaces and have not applied Cisco’s fixed software.
- Identify Cisco UCS C-Series/E-Series servers that use IMC/CIMC.
- Check installed IMC firmware/software versions against Cisco’s fixed-version matrix in the advisory.
- Verify whether IMC management interfaces are reachable from untrusted networks.
- Review recent IMC account-password changes and admin logins for anomalies.
- Apply Cisco’s patched release immediately; Cisco says there are no workarounds for this issue.
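The version check and the password-change review from the list above can be scripted. The following triage helper is an added example, not Cisco's code and not taken from the advisory. It assumes an IMC version string of the shape "major.minor(buildletter)" such as "4.2(3d)", and it uses a hypothetical fixed-version matrix and constructed audit-log lines; fill in the real first-fixed versions from Cisco's matrix and adapt the field parsing to your actual IMC audit export.

```python
"""Triage helper for the IMC authentication-bypass fix (added example).

Two checks: (1) compare an IMC firmware version string against a
first-fixed-version matrix, reporting unknown release trains as NOT fixed so
they get looked at; (2) flag password-change audit events that came from
outside the management network or that changed another account's password.
The version format is assumed; the matrix and log lines are constructed.
"""
import ipaddress
import re

# Assumed shape of an IMC version string such as "4.2(3d)".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]*)\)$")


def parse_version(text):
    """Turn "4.2(3d)" into a comparable tuple (4, 2, 3, "d")."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised IMC version string: {text!r}")
    major, minor, build, letter = m.groups()
    return (int(major), int(minor), int(build), letter)


def is_fixed(version, fixed_matrix):
    """True if `version` is at or beyond the first fixed release of its train.

    `fixed_matrix` maps a release train ("4.2") to its first fixed version
    string. A train missing from the matrix is reported as not fixed, so an
    unknown build is triaged rather than silently passed.
    """
    parsed = parse_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    if train not in fixed_matrix:
        return False
    return parsed >= parse_version(fixed_matrix[train])


# PLACEHOLDER: replace with the first fixed versions from Cisco's advisory.
HYPOTHETICAL_FIXED = {"4.2": "4.2(3e)", "4.3": "4.3(2b)"}

# Constructed audit lines in a key=value shape; adapt to the real IMC export.
SAMPLE_AUDIT_LINES = [
    "2026-03-02T08:11:05Z cimc-r1 AUDIT user=admin action=login src=10.10.0.5 result=success",
    "2026-03-02T08:12:40Z cimc-r1 AUDIT user=admin action=password_change target=admin src=10.10.0.5 result=success",
    "2026-03-02T23:47:02Z cimc-r1 AUDIT user=admin action=password_change target=admin src=203.0.113.7 result=success",
    "2026-03-03T01:03:19Z cimc-r1 AUDIT user=operator action=password_change target=admin src=10.10.0.9 result=success",
]


def _fields(line):
    """Extract key=value pairs from one audit line."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def suspicious_password_changes(log_lines, management_nets):
    """Return (line, reasons) for password changes worth an analyst's look.

    A change is flagged when its source address is not inside any of the
    allowed management networks, or when the acting user changed a different
    account's password (the pattern the bypass would produce).
    """
    nets = [ipaddress.ip_network(n) for n in management_nets]
    findings = []
    for line in log_lines:
        f = _fields(line)
        if f.get("action") != "password_change":
            continue
        reasons = []
        try:
            addr = ipaddress.ip_address(f.get("src"))
        except ValueError:
            addr = None  # missing or malformed source: treat as untrusted
        if addr is None or not any(addr in n for n in nets):
            reasons.append("source outside management network")
        if f.get("user") != f.get("target"):
            reasons.append("password changed for a different account")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for v in ("4.2(3d)", "4.2(3e)", "4.3(4a)", "4.1(2b)"):
        state = "fixed" if is_fixed(v, HYPOTHETICAL_FIXED) else "NOT fixed / unknown"
        print(f"{v}: {state}")
    for line, reasons in suspicious_password_changes(SAMPLE_AUDIT_LINES, ["10.10.0.0/24"]):
        print("FLAG:", "; ".join(reasons), "->", line)
```

Run it against your inventory's version strings and an exported audit log, with the management subnets set to the networks from which IMC administration is actually expected; anything flagged after the advisory's publication date deserves the credential rotation and session review described below.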
Immediate defensive actions
- Restrict IMC access to dedicated management networks/VPN only.
- Block public internet exposure of IMC web/API endpoints.
- Rotate IMC administrative credentials after patching.
- Enable and retain IMC audit logs for incident review.
Sources
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn (primary source)
- https://nvd.nist.gov/vuln/detail/CVE-2026-20093
Bottom line
If your organization runs Cisco UCS servers, treat IMC patching for CVE-2026-20093 as urgent and lock management-plane exposure down immediately.
